Project Architecture

Most modern “serverless” architectures are a marketing lie. They aren’t serverless; they are just abstraction layers that hide the servers you’re still paying to maintain through transitive visibility debt. If you’re running a Node.js runtime to render a static page, you haven’t simplified your life—you’ve just added a new class of “managed” failure points.

I wanted something different. I wanted an architecture that could sit in a dark room for ten years without an update and still serve traffic.

The Pure Static Stack

This site is built on a rejection of the JavaScript-first web.

  1. The Engine (Hugo): I use Hugo because it is written in Go and doesn’t require a 400MB runtime to build a single HTML file. By purging npm, I’ve eliminated the most common vector for supply chain attacks. The build is deterministic. The output is pure HTML.
  2. The Origin (Private S3): Many architects reach for S3 Website Hosting. That’s a mistake: it requires making the bucket public. This site uses a private S3 bucket that only CloudFront can read, enforced through CloudFront Origin Access Control (OAC).
    • The S3 bucket is 100% private.
    • No public read access.
    • No direct path to the objects.
    • If you aren’t CloudFront, you don’t exist.
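What the private-origin arrangement above looks like in Terraform, as an added example (this is not the site’s own configuration): the bucket is locked down with a public access block, a CloudFront distribution reaches it through an OAC, and the bucket policy grants s3:GetObject to the CloudFront service principal only when the request originates from that one distribution. The bucket name and distribution settings are placeholders.

```hcl
# Added example, not the site's own Terraform. Bucket name and distribution
# settings are placeholders; the access-control shape is the point.

variable "site_bucket_name" {
  type    = string
  default = "example-static-site-origin" # placeholder
}

resource "aws_s3_bucket" "site" {
  bucket = var.site_bucket_name
}

# Refuse any public ACL or public bucket policy, even one applied by mistake.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# CloudFront signs every origin request with SigV4 under this OAC identity.
resource "aws_cloudfront_origin_access_control" "site" {
  name                              = "${var.site_bucket_name}-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# AWS-managed cache policy suitable for immutable static output.
data "aws_cloudfront_cache_policy" "optimized" {
  name = "Managed-CachingOptimized"
}

resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  default_root_object = "index.html"

  origin {
    # The REST endpoint, not the S3 website endpoint: OAC only works with the former.
    domain_name              = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id                = "s3-origin"
    origin_access_control_id = aws_cloudfront_origin_access_control.site.id
  }

  default_cache_behavior {
    target_origin_id       = "s3-origin"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    cache_policy_id        = data.aws_cloudfront_cache_policy.optimized.id
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

# The only reader is the CloudFront service principal, and only when it is
# acting for this specific distribution (AWS:SourceArn). Another account's
# distribution pointed at this bucket fails the condition.
data "aws_iam_policy_document" "oac_read" {
  statement {
    sid       = "AllowCloudFrontOACRead"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.site.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.oac_read.json
}
```

Two things worth checking after apply: `aws s3api get-bucket-policy-status` should report `IsPublic: false`, and a direct request to the bucket’s REST endpoint should return 403 while the same path through the distribution returns 200. The trade-off of dropping the website endpoint is that S3 no longer serves `index.html` for subdirectory paths; a small CloudFront Function that rewrites `/path/` to `/path/index.html` restores that for Hugo’s pretty URLs.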

Hardware-Rooted CI/CD

Security isn’t just about the runtime; it’s about the deployment. I’ve seen too many “secure” sites compromised because someone left a .env file in a public GitHub repo.

  • OIDC vs. Static Keys: I do not use AWS Access Keys. Instead, the GitHub Actions runner authenticates via OpenID Connect (OIDC). It’s an ephemeral, short-lived handshake that leaves no dangling objects of trust on my machine or in the cloud provider’s secrets manager.
  • Native State Locking: Terraform manages the infrastructure, but even the state is hardened. I use Native S3 State Locking (Terraform v1.10+). No DynamoDB is required, reducing the moving parts in my AWS account to the absolute minimum.
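Both pieces of this section in Terraform, as an added example rather than the site’s own configuration: the `backend "s3"` block with `use_lockfile` for native state locking (no DynamoDB table), and an IAM role that a GitHub Actions job can assume through OIDC, with no long-lived access key anywhere. The repository name, state bucket, site bucket and distribution ARN are placeholders, and the deploy permissions are my assumption about what a Hugo publish step needs (write the bucket, invalidate the cache).

```hcl
# Added example, not the site's own Terraform. Repository, bucket and ARN
# values are placeholders; the deploy policy is an assumed least-privilege set.

terraform {
  required_version = ">= 1.10"

  backend "s3" {
    bucket       = "example-terraform-state" # placeholder
    key          = "static-site/terraform.tfstate"
    region       = "us-east-1"
    encrypt      = true
    use_lockfile = true # native S3 lock file (Terraform 1.10+); no DynamoDB table
  }
}

variable "github_repository" {
  type    = string
  default = "example-owner/example-site" # placeholder: owner/repo
}

variable "site_bucket_arn" {
  type    = string
  default = "arn:aws:s3:::example-static-site-origin" # placeholder
}

variable "distribution_arn" {
  type    = string
  default = "arn:aws:cloudfront::123456789012:distribution/EXAMPLEID" # placeholder
}

# GitHub's OIDC issuer. Recent AWS provider versions accept this without a
# thumbprint_list for this issuer; older versions require one.
resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
}

# Trust policy. The aud check alone is not enough: every GitHub repository
# presents the same audience. The sub check pins the role to one repository
# and one branch.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    condition {
      test     = "StringLike"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repository}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name                 = "github-actions-site-deploy"
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600 # the minimum; credentials outlive no job
}

# Assumed least privilege for publishing Hugo output: list and write the site
# bucket, invalidate the distribution. Nothing else in the account is reachable.
data "aws_iam_policy_document" "deploy" {
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [var.site_bucket_arn]
  }

  statement {
    effect    = "Allow"
    actions   = ["s3:PutObject", "s3:DeleteObject"]
    resources = ["${var.site_bucket_arn}/*"]
  }

  statement {
    effect    = "Allow"
    actions   = ["cloudfront:CreateInvalidation"]
    resources = [var.distribution_arn]
  }
}

resource "aws_iam_role_policy" "deploy" {
  name   = "site-deploy"
  role   = aws_iam_role.github_deploy.id
  policy = data.aws_iam_policy_document.deploy.json
}
```

On the workflow side the job needs `permissions: id-token: write` (plus `contents: read` for checkout) and assumes the role with `aws-actions/configure-aws-credentials` using `role-to-assume`; no `aws-access-key-id` input appears anywhere. If Terraform itself also runs from the same job, the role additionally needs read/write on the state bucket and its lock file, which is a separate, narrowly scoped statement rather than a reason to widen the one above.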

The Bottom Line

A blog is a document, not a SaaS platform. By removing the runtime, the database, and the static keys, I’ve reduced the attack surface to the speed of light in fiber optics. It is fast, it is cheap, and it is stable.

Complexity is a choice. I chose to leave it behind.